9 matches found
SUSE CVE-2018-16984
An issue was discovered in Django 2.1 before 2.1.2, in which unprivileged users can read the password hashes of arbitrary accounts. The read-only password widget used by the Django Admin to display an obfuscated password hash was bypassed if a user has only the "view" permission new in Django 2.1...
Security fix for the ALT Linux 9 package python3-module-django version 2.2.3-alt1
July 15, 2019 Alexey Shabalin 2.2.3-alt1 - 2.2.3 - build python3 only - rename package to python3-module-django2.2 - Fixes for the following security vulnerabilities: + CVE-2019-12781 Incorrect HTTP detection with reverse-proxy connecting via HTTPS + CVE-2019-12308 AdminURLFieldWidget XSS +...
Security fix for the ALT Linux 10 package python3-module-django version 2.2.3-alt1
July 15, 2019 Alexey Shabalin 2.2.3-alt1 - 2.2.3 - build python3 only - rename package to python3-module-django2.2 - Fixes for the following security vulnerabilities: + CVE-2019-12781 Incorrect HTTP detection with reverse-proxy connecting via HTTPS + CVE-2019-12308 AdminURLFieldWidget XSS +...
FreeBSD : Django -- password hash disclosure (004d8c23-c710-11e8-98c7-000c29434208)
Django release notes : CVE-2018-16984: Password hash disclosure to 'view only' admin users If an admin user has the change permission to the user model, only part of the password hash is displayed in the change form. Admin users with the view but not change permission to the user model were...
CVE-2018-16984
An issue was discovered in Django 2.1 before 2.1.2, in which unprivileged users can read the password hashes of arbitrary accounts. The read-only password widget used by the Django Admin to display an obfuscated password hash was bypassed if a user has only the "view" permission new in Django 2.1...
CVE-2018-16984
An issue was discovered in Django 2.1 before 2.1.2, in which unprivileged users can read the password hashes of arbitrary accounts. The read-only password widget used by the Django Admin to display an obfuscated password hash was bypassed if a user has only the "view" permission new in Django 2.1...
CVE-2018-16984
CVE-2018-16984 affects Django 2.1 before 2.1.2, where unprivileged admin users with view permissions can see full password hashes in the change form. The issue is due to bypassing the read-only password widget used to obfuscate hashes. Public records across multiple feeds (including Debian/ALT Li...
Django -- password hash disclosure
Django release notes: CVE-2018-16984: Password hash disclosure to "view only" admin users If an admin user has the change permission to the user model, only part of the password hash is displayed in the change form. Admin users with the view but not change permission to the user model were...
[ASA-201810-5] python-django: information disclosure
Arch Linux Security Advisory ASA-201810-5 ========================================= Severity: Medium Date : 2018-10-01 CVE-ID : CVE-2018-16984 Package : python-django Type : information disclosure Remote : Yes Link : https://security.archlinux.org/AVG-773 Summary ======= The package python-django...